Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Cyber News

The Attorneys General of California, Connecticut, and New York have announced a $5.1 million settlement with Illuminate Education, Inc., an educational technology company, for failing to adequately protect student data in a 2021 cyber incident. The Illuminate Education data breach exposed the personal information of millions of students across the United States, including over 434,000 students in California alone. The settlement includes $3.25 million in civil penalties for California and a series of court-approved requirements to strengthen the company’s cybersecurity posture. The announcement marks one of the most significant enforcement actions under California’s K-12 Pupil Online Personal Information Protection Act (KOPIPA), highlighting growing regulatory attention on the privacy of children’s data in the digital age.

Illuminate Education Data Breach That Exposed Sensitive Student Data

The 2021 Illuminate Education data breach occurred when a hacker gained access to Illuminate’s systems using credentials belonging to a former employee, an account that had never been deactivated. Once inside the network, the attacker created new credentials, maintained access for several days, and stole or deleted student data. The compromised information included names, races, medical conditions, and details related to special education services, all considered highly sensitive personal data.

An investigation by the California Department of Justice found that Illuminate failed to implement basic cybersecurity practices, including:

- Terminating access for former employees
- Monitoring suspicious logins or activities
- Securing backup databases separately from live systems

Investigators also revealed that Illuminate had made misleading claims in its Privacy Policy, suggesting its safeguards met federal and state requirements when they did not. The company had even advertised itself as a signatory of the Student Privacy Pledge, only to be removed after the breach.

Legal and Regulatory Response

California Attorney General Rob Bonta called the case “a reminder to all tech companies, especially those handling children’s data, that California law demands strong safeguards.” “Illuminate failed to appropriately safeguard the data of school children,” Bonta said. “Our investigation revealed troubling security deficiencies that should never have happened for a company entrusted with protecting sensitive data about kids.”

Connecticut Attorney General William Tong added that the case marked the first enforcement action under Connecticut’s Student Data Privacy Law. “Technology is everywhere in schools today,” he said. “This action holds Illuminate accountable and sends a clear message to educational technology companies that they must take privacy obligations seriously.”

New York Attorney General Letitia James echoed similar concerns: “Students, parents, and teachers should be able to trust that their schools’ online platforms are safe and secure. Illuminate violated that trust and failed to take even basic steps to protect student data.”

Compliance Measures and Industry Lessons

As part of the settlement, Illuminate has agreed to:

- Strengthen account management and terminate credentials of former employees.
- Enable real-time monitoring for suspicious activity.
- Segregate backup databases from active networks.
- Notify authorities promptly in case of future breaches.
- Remind school districts to review stored student data for retention and deletion compliance.

This Illuminate Education data breach case follows several other enforcement actions led by Attorney General Bonta, including settlements with Sling TV, Blackbaud, and Tilting Point Media, each involving data privacy violations.

EdTech Sector Under Radar

The Illuminate case emphasizes the critical need for cybersecurity in educational technology. As schools increasingly depend on digital platforms, student data has become a prime target for cybercriminals. Experts emphasize that proactive measures such as continuous monitoring, identity management, and early threat detection are essential to prevent similar incidents.

Platforms like Cyble Vision are designed to help organizations detect breaches, monitor risks in real-time, and safeguard sensitive data against evolving cyber threats. For education providers, regulators, and enterprises alike, this case serves as a clear signal: cyber negligence is no longer an option. To learn how Cyble can help strengthen your organization’s data protection and threat monitoring capabilities, request a demo and see how proactive intelligence can prevent the next breach.


 Cyber News

The Government of India’s Department of Pension & Pensioners’ Welfare (DoPPW) has launched the Digital Life Certificate (DLC) Campaign 4.0, a national drive to make pension services more accessible and efficient for millions of retired central government employees. The Digital Life Certificate 4.0 initiative aims to simplify how pensioners verify their annual life certificates, an essential process to continue receiving pension benefits. Through Face Authentication Technology, biometric devices, mobile applications, and doorstep services, pensioners can now complete the process without visiting a government office or bank.

Simplifying Pension Submissions Through Digital Life Certificate 4.0

The Digital Life Certificate 4.0, also known as Jeevan Pramaan, is a key part of India’s digital governance efforts. It allows pensioners to verify their identity remotely, reducing the need for in-person visits and paperwork. This move is especially beneficial for elderly citizens and those living in distant locations, including Indian pensioners residing overseas.

The Department of Pension & Pensioners’ Welfare continues to expand its reach through the DLC 4.0 campaign, running from November 1 to November 30, 2025, to ensure that every pensioner can submit their life certificate easily and securely through digital means.

Source: https://www.staffnews.in/2025/11/

Strengthening Cybersecurity Awareness

With the growing adoption of online systems, the department has also issued an important cybersecurity advisory to protect pensioners from fraud, identity theft, and misuse of personal information. The India pensioners cybersecurity advisory emphasizes that while digital services improve convenience, cybersecurity awareness is crucial to ensure safe transactions. Below are the key precautions the department has advised all pensioners to follow:

Use Only Authorized Platforms

Pensioners should submit their Digital Life Certificate 4.0 only through verified government channels such as:

- The official Jeevan Pramaan Portal
- The Post Office app
- The Aadhaar Face RD Application

The government has cautioned against using unverified apps or agents claiming to assist with certificate submissions.

Safeguard Personal Information

Pensioners are advised not to share their Aadhaar number, OTPs, bank details, Pension Payment Order (PPO) number, or mobile number with anyone other than authorized officials. Sharing such details can lead to financial or identity-related fraud.

Beware of Fake Calls and Messages

The government clarified that no official agency will ever ask for a pensioner’s password, bank PIN, or OTP over the phone or email. Pensioners are encouraged to double-check any communication claiming to be from a government source.

Keep Devices and Internet Secure

It is important to update mobile phones and computers with the latest software and antivirus protection. Pensioners should also use secure Wi-Fi or mobile networks while submitting their life certificates online.

Report Suspicious Activity

If pensioners suspect any misuse or fraudulent activity, they should immediately report it to their respective banks or file a complaint on India’s official Cyber Crime Portal at https://cybercrime.gov.in.

Building a Safer Digital Ecosystem

By combining convenience with cybersecurity, the Indian government is ensuring that digital initiatives like DLC 4.0 are both user-friendly and secure. The campaign represents a broader national effort to promote digital inclusion, enabling senior citizens to access government services with confidence.

For pensioners, particularly those who may be less familiar with online systems, this advisory serves as an essential guide to safe digital practices. It reminds users that while technology makes life easier, vigilance remains the best defense against cyber threats.

The Department of Pension & Pensioners’ Welfare’s advisory, issued with the approval of the competent authority, underscores India’s growing focus on building a secure and trusted digital future for its citizens. As the DLC 4.0 campaign continues through November 30, 2025, pensioners in India and abroad are encouraged to make use of these digital options safely, confidently, and with full awareness of the cybersecurity measures that protect them.


 Firewall Daily

D-Orbit and the ethical hacking collective mhackeroni have concluded CTRLSpace CTF, the first in-orbit satellite cybersecurity competition ever held in Europe. The event, organized with the support of the European Space Agency’s (ESA) Security Cyber Centre of Excellence and ESA’s Security Office, marked a major step toward strengthening Europe’s space defence capabilities.

The final phase of the CTF (Capture the Flag) competition took place from 4–6 November at ESA’s ESTEC facility in the Netherlands, coinciding with the Security for Space Systems (3S) conference. For the first time, contestants engaged directly with operational spacecraft, the ION Satellite Carrier, in a live environment designed to simulate real-world cybersecurity threats in orbit.

A New Era in Space Security with CTF

The CTRLSpace CTF competition aimed to confront one of the fastest-growing challenges in the modern space economy: protecting satellites and orbital infrastructure from cyberattacks. According to D-Orbit, the event demonstrated not only the feasibility of in-orbit cybersecurity testing but also the urgent need to integrate protection mechanisms into every phase of satellite design.

“Cybersecurity has become a fundamental pillar of the new space economy,” said Grazia Bibiano, D-Orbit’s Country Leader for Portugal. “At D-Orbit, we integrate it from the very first design stages because security cannot be an add-on; it must be built into the DNA of every system we send into orbit.”

Davide Avanzi, D-Orbit’s Head of Space and Product Security, echoed this sentiment, emphasizing the complexity of the task: “Protecting space infrastructure is one of the most complex engineering challenges of our time. By adopting a security-by-design approach, we ensure mission resilience, data integrity, and trust in the space services of the future.”

From Hundreds of Teams to One Winner

The competition attracted immense global interest. A total of 559 teams registered for the qualifying round, with 299 solving at least one challenge. Over 25 tasks, participants collectively submitted 660 correct flags, showcasing a wide range of cybersecurity expertise.

From this large pool, five finalist teams advanced to the live finals at ESA ESTEC. These top competitors were given the rare opportunity to test their skills against actual spacecraft systems. Using secure, isolated environments, the event employed three active ION satellites to deliver authentic telemetry data and command interfaces.

The finalists had to decode real telemetry, send command sequences, analyze orbital positions, and interact with onboard software to uncover vulnerabilities, an experience that mirrored genuine satellite operations. Ultimately, the team Superflat emerged victorious, securing the top spot in this historic satellite cybersecurity competition.

Testing the Future of Space Defense

According to Daniele Lain from mhackeroni, developing challenges for a space-based environment required unprecedented innovation. “The space environment poses unique issues to the development of engaging challenges,” he noted, highlighting the technical and logistical hurdles faced during the design of the CTF tasks.

Antonios Atlasis, Head of the System Security Section at ESA, noted the broader implications of the event. “Cybersecurity protection of space missions is not an option,” he stated. “The successful implementation and execution of CTRLSpace CTF not only provided the unique opportunity for students from all over Europe to compete on cybersecurity challenges implemented in real satellites, but it also proved that the implementation of cybersecurity protection measures in satellites is possible, even for the most challenging security scenarios.”


 Firewall Daily

A new vulnerability scoring system has just been announced. The initiative, called the AI Vulnerability Scoring System (AIVSS), aims to fill the gaps left by traditional models such as the Common Vulnerability Scoring System (CVSS), which were not designed to handle the complex, non-deterministic nature of modern AI technologies.

AI security expert, author, and adjunct professor Ken Huang introduced the AIVSS framework, emphasizing that while CVSS has long been a cornerstone for assessing software vulnerabilities, it fails to capture the unique threat landscape presented by agentic and autonomous AI systems.

“The CVSS and other regular software vulnerability frameworks are not enough,” Huang explained. “These assume traditional deterministic coding. We need to deal with the non-deterministic nature of Agentic AI.”

Huang serves as co-leader of the AIVSS project working group alongside several prominent figures in cybersecurity and academia, including Zenity Co-Founder and CTO Michael Bargury, Amazon Web Services Application Security Engineer Vineeth Sai Narajala, and Stanford University Information Security Officer Bhavya Gupta.

Together, the group has collaborated under the Open Worldwide Application Security Project (OWASP) to develop a framework that provides a structured and measurable approach to assessing AI-related security threats.

According to Huang, Agentic AI introduces unique challenges because of its partial autonomy. “Autonomy is not itself a vulnerability, but it does elevate risk,” he noted. The AIVSS is designed specifically to quantify those additional risk factors that emerge when AI systems make independent decisions, interact dynamically with tools, or adapt their behavior in ways that traditional software cannot.

A New Approach to AI Vulnerability Scoring

The AI Vulnerability Scoring System builds upon the CVSS model, introducing new parameters tailored to the dynamic nature of AI systems. The AIVSS score begins with a base CVSS score and then incorporates an agentic capabilities assessment. This additional layer accounts for autonomy, non-determinism, and tool use, factors that can amplify risk in AI-driven systems. The combined score is then divided by two and multiplied by an environmental context factor to produce a final vulnerability score.

A dedicated portal, available at aivss.owasp.org, provides documentation, structured guides for AI risk assessment, and a scoring tool for practitioners to calculate their own AI vulnerability scores.

Huang highlighted a critical difference between AI systems and traditional software: the fluidity of AI identities. “We cannot assume the identities used at deployment time,” he said. “With agentic AI, you need the identity to be ephemeral and dynamically assigned. If you really want to have autonomy, you have to give it the privileges it needs to finish the task.”

Top Risks in Agentic AI Systems

The AIVSS project has also identified the ten most severe core security risks for Agentic AI, though the team has refrained from calling it an official “Top 10” list. The current risks include:

- Agentic AI Tool Misuse
- Agent Access Control Violation
- Agent Cascading Failures
- Agent Orchestration and Multi-Agent Exploitation
- Agent Identity Impersonation
- Agent Memory and Context Manipulation
- Insecure Agent Critical Systems Interaction
- Agent Supply Chain and Dependency Attacks
- Agent Untraceability
- Agent Goal and Instruction Manipulation

Each of these risks reflects the interconnected and compositional nature of AI systems. As the draft AIVSS document notes, “Some repetition across entries is intentional. Agentic systems are compositional and interconnected by design. To date, the most common risks such as Tool Misuse, Goal Manipulation, or Access Control Violations, often overlap or reinforce each other in cascading ways.”

Huang provided an example of how this manifests in practice: “For tool misuse, there shouldn’t be a risk in selecting a tool. But in MCP systems, there is tool impersonation, and also insecure tool usage.”


 Business

We recently covered the ClickFix technique. Now, malicious actors have begun deploying a new twist on it, which was dubbed “FileFix” by researchers. The core principle remains the same: using social engineering tactics to trick the victim into unwittingly executing malicious code on their own device. The difference between ClickFix and FileFix is essentially where the command is executed. With ClickFix, attackers convince the victim to open the Windows Run dialog box and paste a malicious command into it. With FileFix, however, they manipulate the victim into pasting a command into the Windows File Explorer address bar. From a user perspective, this action doesn’t appear unusual: the File Explorer window is a familiar element, making its use less likely to be perceived as dangerous. Consequently, users unfamiliar with this particular ploy are significantly more prone to falling for the FileFix trick.

How attackers manipulate the victim into executing their code

Similar to ClickFix, a FileFix attack begins when a user is directed, most often via a phishing email, to a page that mimics the website of some legitimate online service. The fake site displays an error message preventing access to the service’s normal functionality. To resolve the issue, the user is told they need to perform a series of steps for an “environment check” or “diagnostic” process.

To do this, the user is told they need to run a specific file that, according to the attackers, is either already on the victim’s computer or has just been downloaded. All the user needs to do is copy the path to the local file and paste it into the Windows File Explorer address bar. Indeed, the field from which the user is instructed to copy the string shows the path to the file, which is why the attack is named “FileFix”. The user is then instructed to open File Explorer, press [CTRL] + [L] to focus on the address bar, paste the “file path” via [CTRL] + [V], and press [ENTER].

Here’s the trick: the visible file path is only the last few dozen characters of a much longer command. Preceding the file path is a string of spaces, and before that is the actual malicious payload the attackers intend to execute. The spaces are crucial for ensuring the user doesn’t see anything suspicious after pasting the command. Because the full string is significantly longer than the address bar’s visible area, only the benign file path remains in view. The true contents are only revealed if the information is pasted into a text file instead of the File Explorer window. For instance, in a Bleeping Computer article based on research by Expel, the actual command was found to launch a PowerShell script via conhost.exe.

The user believes they’re pasting a file path, but the command actually contains a PowerShell script.

What happens after the malicious script is run

A PowerShell script executed by a legitimate user can cause trouble in a multitude of ways. Everything depends on corporate security policies, the specific user’s privileges, and the presence of security solutions on the victim’s computer. In the case mentioned previously, the attack utilized a technique named “cache smuggling”. The same fake website that implemented the FileFix trick saved a file in JPEG format into the browser’s cache, but the file actually contained an archive with malware. The malicious script then extracted this malware and executed it on the victim’s computer. This method allows the final malicious payload to be delivered to the computer without overt file downloads or suspicious network requests, making it particularly stealthy.

How to defend your company against ClickFix and FileFix attacks

In our post about the ClickFix attack technique, we suggested that the simplest defense was to block the [Win] + [R] key combination on work devices. It’s extremely rare for a typical office employee to genuinely need to open the Run dialog box. In the case of FileFix, the situation is a bit more complex: copying a command into the address bar is perfectly normal user behavior.

Blocking the [CTRL] + [L] shortcut is generally undesirable for two reasons. First, this combination is frequently used in various applications for diverse, legitimate purposes. Second, it wouldn’t fully help, as users can still access the File Explorer address bar by simply clicking it with the mouse. Attackers often provide detailed instructions for users if the keyboard shortcut fails.

Therefore, for a truly effective defense against ClickFix, FileFix, and similar schemes, we recommend first and foremost deploying a reliable security solution on all employee work devices that can detect and block the execution of dangerous code in time.

Second, we advise regularly raising employee awareness about modern cyberthreats, particularly the social engineering methods employed in ClickFix and FileFix scenarios. The Kaspersky Automated Security Awareness Platform can help automate employee training.
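The padded-command layout described above (hidden command, then a long run of spaces, then a harmless-looking file path) can be checked for mechanically in captured command lines or pasted text. The following is an added example, not code from the original article or from any vendor; the padding threshold, the `pwsh`/`cmd` interpreter names, and all sample strings are assumptions constructed for illustration.

```python
import re

MIN_PAD = 8  # assumed threshold: shortest whitespace run treated as padding

# PowerShell and conhost.exe are named in the article; pwsh and cmd are added assumptions.
INTERPRETERS = re.compile(r"\b(?:powershell|pwsh|conhost|cmd)(?:\.exe)?\b", re.IGNORECASE)
PAD_RUN = re.compile(r"[ \t\u00a0]{%d,}" % MIN_PAD)
PATH_TAIL = re.compile(r"^(?:[A-Za-z]:\\|\\\\)[^\r\n]+$")


def inspect_pasted_text(text):
    """Split a string at its last long whitespace run and judge both halves.

    Returns a dict with the part a user would not see (hidden_prefix), the part
    left visible at the end of the address bar (visible_tail), and a verdict:
    'high', 'review' or 'none'.
    """
    stripped = text.strip()
    result = {"verdict": "none", "hidden_prefix": "",
              "visible_tail": stripped, "reasons": []}
    runs = list(PAD_RUN.finditer(stripped))
    if not runs:
        return result  # no padding at all: an ordinary path or command

    last = runs[-1]
    head, tail = stripped[:last.start()], stripped[last.end():]
    result["hidden_prefix"], result["visible_tail"] = head, tail
    result["reasons"].append("padding:%d" % (last.end() - last.start()))

    has_interpreter = bool(INTERPRETERS.search(head))
    has_path_tail = bool(PATH_TAIL.match(tail))
    if has_interpreter:
        result["reasons"].append("interpreter_in_prefix")
    if has_path_tail:
        result["reasons"].append("path_like_tail")

    if has_interpreter and has_path_tail:
        result["verdict"] = "high"
    elif has_interpreter or has_path_tail:
        result["verdict"] = "review"
    return result


def triage(records):
    """Return (index, verdict) for every record that is not 'none'."""
    hits = []
    for i, rec in enumerate(records):
        verdict = inspect_pasted_text(rec)["verdict"]
        if verdict != "none":
            hits.append((i, verdict))
    return hits


# Constructed samples: the "command" is a harmless placeholder.
BENIGN = r"C:\Users\alice\Documents\report.docx"
DECOY_PATH = r"C:\company\shared\HRPolicy.docx"
PADDED = 'powershell.exe -c "Write-Output constructed-placeholder"' + " " * 120 + DECOY_PATH
ODD = "notes" + " " * 20 + r"C:\temp\a.txt"

if __name__ == "__main__":
    for idx, verdict in triage([BENIGN, PADDED, ODD]):
        print(idx, verdict)
```

A check like this fits best as a rule over process-creation command lines or a clipboard-inspection hook, where the full string is available rather than only the portion that fits on screen.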

 Feed

Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear shift: cybercrime is evolving fast

 Feed

According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low. What’s emerging isn’t just a blindspot. It’s a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI

 Feed

Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvests their credentials by deploying malware like PureRAT. "The attacker's modus operandi involved using a compromised email account to send malicious messages to multiple hotel establishments," Sekoia said. "This campaign

 Feed

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on the part of threat actors to target the Visual Studio Code (VS Code) ecosystem. The extensions in question, which are still available for download, are listed below - ai-driven-dev.ai-driven-dev (3,402 downloads) adhamu.history-in-sublime-merge (4,057

 Feed

Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads.  The

 Feed

The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. "Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs," the Genians

2025-11
Aggregator history
Monday, November 10